APEX 5.0 will include a new mobile theme, which support the new jQuery Mobile swatches. It's very easy to use ThemeRoller to create your own swatch and upload the zip in Shared Components in APEX and add a style to the theme and make it active.

There are many more new features in APEX 5.0 for mobile development like for example a new region type called "Reflow table".

Friday, June 20, 2014

The Page Designer makes you way more productive, less clicks and quicker results. You have to get used to it, and you probably want a big monitor (time to ask your boss!), but once all that is done - you will love it.

The Page Designer is so intuitive and attention was put in the details. When you make a mistake APEX gives you immediate feedback. Here's a screenshot:

The region where the error is, is highlighted.
You get a notification message top right in red with the error message and inside the property panel it's highlighted what you need to change. Once you click on the field it will give another text notification e.g. that it is required.

There's also the Messages tab which gives you an explanation of what is wrong. Clicking on the link will bring you right where you need to go.

But just look at the Page Designer for a while; notice the small top left red triangles; it identifies it's a required field. The "Show Common" and "Show All" tabs are great too.

So many things, small, large, ... but so useful.

Here's another one - Developer Comments for the page. If there are comments you see a number in the comment icon. When clicking on the icon you can add more comments. I believe it would also be useful to see the existing comments, hopefully that will be in the final release.

This post is based on Oracle APEX 5.0 EA2, but there's more coming it looks like. Linked to the previous feature, I see a tighter integration with Team Development already too.

So many things to explore in the APEX 5.0 Page Designer... definitely worth your time.

Michel and Marcel updated their book end of last year, but I didn't take the time to blog about it yet - and months fly. The concept stayed the same as the first edition, but it got updated with the latest info for APEX 4.x.

"People who followed a beginner training or learned APEX at their own and they want to know how to do a specific thing which is covered in the book, it's great to have the book, as you can just follow what the authors wrote and you also have an idea why it's done like that."

If you need onsite Oracle APEX training, you can also contact my company APEX R&D :)

I went with a combination of the Facebook plugin in combination with my own PL/SQL code.
Peter was so nice to share his work with me, thanks again for that Peter. I first thought that the authentication plugin would be plug-and-play, just like the other APEX plugins... but that is not the case.
It hasn't much to do the way Peter's team implemented it, it has more to do with the complex setup of SSL certificates etc. So when downloading the plugin, know that it will take some time to configure it. Luckily Peter provides good documentation so it makes it a bit easier.

So, to see the authentication to work, login with your Facebook account on the wc2014challenge.com site. I extended the plugin a bit so it will automatically create a site account for you behind the scenes so regardless if you create a site account or login with Facebook it can hook up the scores, bets etc. in the same way.

Challenges with Social Authentication

If you want to provide Facebook, Google+, LinkedIn and a normal site account in your app, I found some challenges with that. How do you hook-up a person that logs-in with Facebook the first time, with the same player logging in with Google+ the same time? You could use the email address maybe? But what if they use different ones? There are many blog posts about this topic and how to get around it, but it would bring me to far in this post. I might do a follow-up post later as it's an interesting challenge.

Future

I really believe that most public sites will allow social authentication, so I hope the team of ORDS or the APEX development team will make something available to do the social authentication natively in the future. I believe that would be the best solution (fast to implement and secure).

Monday, June 09, 2014

A few weeks ago I asked my friends at RecX to do a security audit of the World Cup 2014 Challenge app. The result was a security assessment document which explained what they tested, an explanation why it was important and the results they found. I found it very interesting to see how other (security) people approach your code.

Here are the areas they went into:

Access Control

Hidden items

Item Protection

Page Access Protection

Configuration

Session Timeout

Cross-Site Scripting

Column From LOV/Query (make use of )

Direct Output

Indirect Output

Report Column Display Type

Template Variables

Tip: make use of apex_escape.html, apex_escape.html_attribute, utl_url.escape

Tuesday, June 03, 2014

So I started to just show the schedule in the "local time" of the stadium the match was in, so I didn't have to deal with the issue :)

But as you might think, people started to ask to see the schedule in their own time.

In previous years I solved the issue by adding a select list, so people could select the timezone they wanted to see the game in. Behind the scenes I reran the query and added the offset to the time - that worked just fine. Now the challenge this year is that the Brazilian timezone exist out of two timezones, so I couldn't really use the mechanism of before.

In the Oracle database, instead of a date column, you can use a timestamp with timezone column and can better calculate the difference. Another way is to use the "timestamp with local timezone", so you see the data in your timezone (after alter session set time_zone = your timezone).

Instead of doing the timezone conversion, I also thought of doing it on the client (browser), with momentjs for example.

They all have advantages and disadvantages... but at the end I decided to use the native APEX way.

Step 1: make sure your column is of type TIMESTAMP WITH LOCAL TIME ZONE:

Looking at the schedule it shows the times in my timezone, automatically. The nice thing is that this is cross application, so the calendar automatically shows the times in your timezone too. Very, very nice - no additional code.

So it's very easy to make your APEX application time zone aware... the only drawback I find is that this solution requires a redirect the first time you hit the site. That is not really good for Google rankings, but the advantages weight way more than that for now.

You can also read Joel's blog about automatic time zone in APEX 4.0, he build another example which you can follow.